Ruby 1.9.3 update fixes RubyGems security problem - Update
The maintenance release of the scripting language, labelled 1.9.3-p194, updates RubyGems to close a security hole that caused SSL server verification to fail for remote repositories. This has been addressed by disallowing redirects from https to http connections and by enabling the verification of server SSL certificates in an updated version of RubyGems, 1.8.23; more details on these issues are provided in the latest RubyGems History file. The developers encourage those who use https source in
/etc/gemrc to upgrade as soon as possible.
Further information about the update, including a full list of bug fixes, can be found in the official release announcement and in the change log. Ruby 1.9.3-p194 is available to download from the project's site, and is distributed under either the Ruby Licence or the GPL.
Update 23-04-12: The developers have now released an update to the 1.9.2 branch of Ruby (1.9.2-p320) to correct the RubyGems security problem.
- Ruby 1.9.3 arrives with licence change, a report from The H.